The kdb_destroy utility securely removes the principal database. This utility
runs on the primary and secondary security servers. If you run this
utility using the command line options, it prompts you for confirmation
and then removes the default principal database, /krb5/principal. To confirm the request, you must type the word "yes"; otherwise, kdb_destroy returns the message "Database not destroyed".
This tool destroys only the principal.* files. The other files that store the principal information
must be handled separately. To destroy the admin_acl_file, manually delete it. To destroy the key table files,
use ktutil.
To ensure that no one reads the previous contents of the database
files, kdb_destroy writes zeros to the original files before it deletes
them.
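The overwrite-then-delete behaviour described above, shown as an added Python example (not the kdb_destroy source or vendor code). The function names, the `principal` prefix default and the idea of passing the database directory as a parameter are assumptions made for illustration.

```python
import os
import stat

CHUNK = 64 * 1024  # zero buffer size; files are overwritten in bounded writes


def zero_and_unlink(path):
    """Overwrite a regular file with zeros in place, flush, then delete it.

    Returns the number of bytes overwritten.
    """
    # No O_TRUNC: truncating would release the blocks without overwriting them.
    # O_NOFOLLOW refuses a symlink planted at `path` (where the OS supports it).
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise ValueError(f"{path} is not a regular file")
        remaining = info.st_size
        zeros = bytes(CHUNK)
        while remaining > 0:
            remaining -= os.write(fd, zeros[:min(CHUNK, remaining)])
        os.fsync(fd)  # force the zeros to storage before the name is removed
    finally:
        os.close(fd)
    os.unlink(path)
    return info.st_size


def destroy_database(directory, prefix="principal"):
    """Wipe `prefix` and `prefix.*` files in `directory`; return the names wiped.

    Other files (ACL file, key tables) are deliberately left alone.
    """
    wiped = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if name != prefix and not name.startswith(prefix + "."):
            continue
        if os.path.islink(full) or not os.path.isfile(full):
            continue
        zero_and_unlink(full)
        wiped.append(name)
    return wiped
```

In-place zeroing only reaches the old data on storage that overwrites blocks in place; on copy-on-write or log-structured filesystems, and in backups or snapshots, earlier copies of the database can survive and need their own handling.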
The general syntax for this utility is:
kdb_destroy [-f keyfile]
The kdb_destroy utility uses the following options:
- -f keyfile
Destroys an alternative key file named keyfile.
The following is an example of using kdb_destroy:
shell% kdb_destroy
keyfile: /opt/krb5/.k5.DCETST3.FINANCE.BAMBI.COM
Deleting KDC database stored in '/opt/krb5/principal', are you sure?
(type 'yes' to confirm)?
Database destroyed!